Recent Posts

Lots of info all over the web on the Heartbleed bug. I can only say.. Go to any of your websites that are secure.. Change your passwords to something that's at least 14 characters long, Letters and Numbers... If for some reason in the Future a website like your bank or Email provider tells you to change your password again DO NOT ignore it.. Just do it.. A lot of Banks still have Certificates that are old and outdated..

The Amount of work that will go into securing everything again will probably take a long time. For instance we have upgraded our Firewall 3 times in 1 week (Not Cisco). Cisco, who makes the majority of Commercial firewalls, has verified that the bug is in their firewalls and is working as fast as they can to update..

The Bug is not something we need to point fingers or argue about. OpenSSL has been secure for more than 15 or more years. What you need to do is protect yourself... Make sure your home router firewall is up to date. Check with the Manufacturer to make sure it's still a secure piece of hardware. AND Change your passwords

AT&T is blocking Internet Protocol version 6 (IPv6)

Did they break it.. They advertise the ability to use and have info on their websites.. Hundreds of Thousands of Website Developers use it and have it... This includes Google and OpenDNS and even we have it on our other business connections. It even helps 4G be a little faster...

If you have AT&T and an XBOX One.. Good luck, it's not getting IPv6 now
If you have AT&T and a Cell Service.. Good luck, it's not getting IPv6 now
If you have AT&T and an Internet TV.. Good luck, it's not getting IPv6 now

This can also slow it up and in some cases bandwidth on Cell phones will be higher use.

According to the Hundreds to thousands of Developers they broke their network again by putting out a bad update to their network.. I tend to believe that.. Others say they're preparing to sell IPv6 IP space. Comcast IPv6 works and others that need it can get a Tunnel network from SixXS or my favorite Hurricane Electric, only because they have a certification program we enjoy. AND they have been doing it for years.. AT&T might be able to fix their problem if they pick up the phone to HE.net

Years ago.. WELL not that many years.. We got an Internet Business connection from AT&T and we were assured by several people at AT&T that when we need it IPv6 would be available.. AND was...

Recently: We were approached by a non profit to help with some special needs and at the time we would have been able to fit their needs using IPv6 to assign encrypted connections to their users.. As of a couple weeks ago this has been put on hold Because AT&T broke it.. No AT&T IPv6.. We called AT&T and got the answer NO we can't open IPv6 for you and can't... We don't Need IPv6 protocol 41 from AT&T, just open the Protocol

It seems every time we turn around AT&T either blocks something or breaks it.. We even heard they say it's because of security... Granted, there is a learning curve with IPv6 but we already knew that and control the services we open.. AND I know AT&T can control abuse by slowing up connections, Sending an email or disabling a customer till the abuse is fixed.. Just ask any user of a Cell phone who has Tethered a computer to use internet through their cell phone. Internet is faster with IPv6 as long as Administrators set it right.. AND for the most part it's safer than Internet protocol (TCP/IPv4). All your browsers and new Operating systems since Windows XP sp2 and Linux, to mention just two, support IPv6.. Yeah even Apple

Microsoft had some issues with IPv6 on the New Xbox and fixed what they needed.. If you have a wireless modem/router that's too old you might have to upgrade your router to deal with IPv6. This is part of the learning curve.. Wireless on older versions with IPv6 may lock up. This might be AT&T's problem, I'm not sure on that.. We have the Xbox one and disabled v6 because it was part of the learning curve. And we replaced the one Wireless router and had no problems with the AT&T router on the wireless with Xbox one. (when IPv6 was working)

I wonder how Microsoft feels about AT&T blocking IPv6 (secret partner of U-verse development)

I know there's a lot more to do with this But come on AT&T, you're supporting businesses that don't want to be told how to do business for too much longer.. Cost is one thing, breaking our Development and blocking Learning is another.. The future is our Kids and they want to learn network development as well.

Even on one of the AT&T forums a user posted a link to file complaints to the FCC on how they're blocking our business Tunnels, Tracert and a few other items.. You can search the Web on how AT&T broke DNS and how they wanted to block FaceTime and more.. Verizon, don't get me started

If you want to keep the Internet in the open. The way it's supposed to be. Not telling us what we can or can't have. Please file a complaint with the FCC. Even the FCC has open rules for the Internet.

If you Feel we need to file a complaint please feel free to open a discussion here and file your complaint here: http://www.fcc.gov/complaints
Fill out the online form under Broadband, Billing/Service/Availability.

A large portion of the form is dedicated to billing disputes, so I left those blank and filled in item (5) with some text about how AT&T's behavior is a clear violation of the "no blocking" open Internet rules, as set forth here:

There's other complaints going on and AT&T isn't the only one getting this. Comcast, Cell phone companies and more.. But it's been real enlightening. The recent amount of complaints over IPv6 with AT&T... Considering Europe has been IPv6 enabled for 10 years and it's being used more and more since 2005 here

Did I mention how AT&T is blocking Tracert.. It's a tool for tracing where an IP is coming from, it's one of the tools we can use to find and block a bad guy temporarily to keep our connections running.. They won't allow this from our desktops or with our commercial routers behind their equipment.. This is just to name problems AT&T is having. Don't get me started on how bad DNS is.. All companies are having that problem...

To be fair AT&T has done a good job with us.. But it's not this hard and some things need to change. Opening protocol 41 is one that needs to happen fast

Here's the FCC thought on IPv6 and Written VERY WELL: https://www.fcc.gov/guides/internet-protocol-version-6-ipv6-consumers
We're 100% ready, are you..? Remember that when you're watching TV over the internet. But one of the big problems. Most people are scared of change and IPv6 makes life more secure and AT&T probably needs to learn more about empty address segments and UDP packets to no place

Imagine not being able to get to your bank online or Use your Internet ready TV or worse

After using the above settings in Cablenut all these years I have further experimented with increasing my DSL speed. My speed seemed like it got faster and less jerky after adding the "Protect Against SYN Attacks" tweaks below. After using Cablenut manually add these settings in the registry:

Protect Against SYN Attacks

A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.

To protect the network against SYN attacks, follow these generalized steps, explained later in this document:
- Enable SYN attack protection
- Set SYN protection thresholds
- Set additional protections

Enable SYN Attack Protection

The named value to enable SYN attack protection is located beneath the registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.

Value name: SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.

Set SYN Protection Thresholds

The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:

Value name: TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0-65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.

Value name: TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.

Value name: TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.

Set Additional Protections

All the keys and values in this section are located under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:

Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0-255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.

Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0-65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.

Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack. Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.

Value name: KeepAliveTime
Recommended value data: 300000
Valid values: 80-4294967295
Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.

Set NetBIOS Protections

All the keys and values in this section are located under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters. These keys and values are:

Value name: NoNameReleaseOnDemand
Recommended value data: 1
Valid values: 0, 1
Description: Specifies to not release the NetBIOS name of a computer when it receives a name-release request.

Use the values that are summarized in Table 1 for maximum protection.

Table 1 Recommended Values

Value Name              Value (REG_DWORD)
EnableICMPRedirect      0

Protect Against SNMP Attacks

The named value in this section is located under the registry key HKLM\System\CurrentControlSet\Services\Tcpip\Parameters.

Value: EnableDeadGWDetect
Recommended value data: 0
Valid values: 0 (disabled), 1 (enabled)
Description: Prevents an attacker from forcing the switching to a secondary gateway

Use the value summarized in Table 3 for maximum protection.

Table 3 Recommended Values

Value Name              Value (REG_DWORD)
EnableDeadGWDetect      0

AFD.SYS Protections

The following keys specify parameters for the kernel mode driver Afd.sys. Afd.sys is used to support Windows sockets applications. All of the keys and values in this section are located under the registry key HKLM\System\CurrentControlSet\Services\AFD\Parameters. These keys and values are:

Value: EnableDynamicBacklog
Recommended value data: 1
Valid values: 0 (disabled), 1 (enabled)
Description: Specifies AFD.SYS functionality to withstand large numbers of SYN_RCVD connections efficiently. For more information, see "Internet Server Unavailable Because of Malicious SYN Attacks," at http://support.microsoft.com/default.aspx?scid=kb;en-us;142641.

Value name: MinimumDynamicBacklog
Recommended value data: 20
Valid values: 0-4294967295
Description: Specifies the minimum number of free connections allowed on a listening endpoint. If the number of free connections drops below this value, a thread is queued to create additional free connections

Value name: MaximumDynamicBacklog
Recommended value data: 20000
Valid values: 0-4294967295
Description: Specifies the maximum total amount of both free connections plus those in the SYN_RCVD state.

Value name: DynamicBacklogGrowthDelta
Recommended value data: 10
Valid values: 0-4294967295
Present by default: No
Description: Specifies the number of free connections to create when additional connections are necessary.

Use the values summarized in Table 4 for maximum protection.

Table 4 Recommended Values

Value Name                  Value (REG_DWORD)
EnableDynamicBacklog        1
MinimumDynamicBacklog       20
MaximumDynamicBacklog       20000
DynamicBacklogGrowthDelta   10

Additional Protections

All of the keys and values in this section are located under the registry key HKLM\System\CurrentControlSet\Services\Tcpip\Parameters.

Protect Screened Network Details

Network Address Translation (NAT) is used to screen a network from incoming connections. An attacker can circumvent this screen to determine the network topology using IP source routing.

Value: DisableIPSourceRouting
Recommended value data: 1
Valid values: 0 (forward all packets), 1 (do not forward Source Routed packets), 2 (drop all incoming source routed packets).
Description: Disables IP source routing, which allows a sender to determine the route a datagram should take through the network.

Do Not Forward Packets Destined for Multiple Hosts

Multicast packets may be responded to by multiple hosts, resulting in responses that can flood a network.

Value: EnableMulticastForwarding
Recommended value data: 0
Valid range: 0 (false), 1 (true)
Description: The routing service uses this parameter to control whether or not IP multicasts are forwarded. This parameter is created by the Routing and Remote Access Service.

Only Firewalls Forward Packets Between Networks

A multi-homed server must not forward packets between the networks it is connected to. The obvious exception is the firewall.

Value: IPEnableRouter
Recommended value data: 0
Valid range: 0 (false), 1 (true)
Description: Setting this parameter to 1 (true) causes the system to route IP packets between the networks to which it is connected.

Mask Network Topology Details

The subnet mask of a host can be requested using ICMP packets. This disclosure of information by itself is harmless; however, the responses of multiple hosts can be used to build knowledge of the internal network.

Value: EnableAddrMaskReply
Recommended value data: 0
Valid range: 0 (false), 1 (true)
Description: This parameter controls whether the computer responds to an ICMP address mask request.

Use the values summarized in Table 5 for maximum protection

Table 5 Recommended Values

Value Name                  Value (REG_DWORD)
DisableIPSourceRouting      1
EnableMulticastForwarding   0
IPEnableRouter              0
EnableAddrMaskReply         0

Pitfalls

When testing the changes of these values, test against the network volumes you expect in production. These settings modify the thresholds of what is considered normal and are deviating from the tested defaults. Some may be too narrow to support clients reliably if the connection speed from clients varies greatly.
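A read-only way to compare a machine against the values recommended in the post above, as an added PowerShell example that is not part of the original post or of the guidance it quotes. The function name Get-StackHardeningReport and the report layout are assumptions made for this example; the key paths and numbers are the ones listed in the post.

```powershell
# Added example: read-only audit of the hardening values listed in the post.
# Nothing is written to the registry. Get-StackHardeningReport is a
# hypothetical name chosen for this example.
$services = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Recommended REG_DWORD data, copied from the post, grouped by registry key.
$recommended = [ordered]@{
    "$services\Tcpip\Parameters" = [ordered]@{
        SynAttackProtect                     = 2
        TcpMaxPortsExhausted                 = 5
        TcpMaxHalfOpen                       = 500
        TcpMaxHalfOpenRetried                = 400
        TcpMaxConnectResponseRetransmissions = 2
        TcpMaxDataRetransmissions            = 2
        EnablePMTUDiscovery                  = 0
        KeepAliveTime                        = 300000
        EnableICMPRedirect                   = 0
        EnableDeadGWDetect                   = 0
        DisableIPSourceRouting               = 1
        EnableMulticastForwarding            = 0
        IPEnableRouter                       = 0
        EnableAddrMaskReply                  = 0
    }
    "$services\Netbt\Parameters" = [ordered]@{
        NoNameReleaseOnDemand = 1
    }
    "$services\AFD\Parameters" = [ordered]@{
        EnableDynamicBacklog      = 1
        MinimumDynamicBacklog     = 20
        MaximumDynamicBacklog     = 20000
        DynamicBacklogGrowthDelta = 10
    }
}

function Get-StackHardeningReport {
    param([System.Collections.IDictionary]$Baseline = $recommended)

    foreach ($key in $Baseline.Keys) {
        # A key that does not exist returns nothing instead of throwing.
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in $Baseline[$key].Keys) {
            $expected = $Baseline[$key][$name]
            $present  = $props -and ($props.PSObject.Properties.Name -contains $name)
            $actual   = if ($present) { $props.$name } else { $null }

            if (-not $present) {
                $status = 'NotSet'      # the stack's built-in default is in effect
            } elseif ($actual -eq $expected) {
                $status = 'Match'
            } else {
                $status = 'Differs'
            }

            [pscustomobject]@{
                Key      = $key -replace '^HKLM:\\', 'HKLM\'
                Value    = $name
                Expected = $expected
                Actual   = $actual
                Status   = $status
            }
        }
    }
}

# Run before and after a change so the test against production traffic
# (see Pitfalls) starts from a recorded state.
$report = Get-StackHardeningReport
$report | Format-Table Value, Expected, Actual, Status -AutoSize
"{0} of {1} values differ from or are missing against the list" -f `
    @($report | Where-Object Status -ne 'Match').Count, @($report).Count
```

Windows Vista and later no longer read SynAttackProtect or the TcpMaxHalfOpen thresholds, so a NotSet status for those values is expected on such systems.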

We are adding a Discussion forum for JPS products as the forum used by JPS will be ending soon. Their forum is very quiet (as we know that they provide great documentation and phone support thus making this seem redundant.)

If you are a customer/user of JPS Raytheon products the official support portal of course is to contact JPS directly. However as a tech I know how many times I've come home and used my search engine to try and locate the answer to an issue that I'm working on currently and I'm sure many others do as well.

It is my hope that we can gather the answers to questions that come up and assemble them here for anyone that needs them.

By the way Mr. Palmer. I was a victim of bonding back last May when I was out for 96 hours. Just not the kind of Bonding I needed

As you know, I don't need 4 wires for my U-verse. Only two. Last April I began experiencing drop of service. I realized later it coincided with heavy rain. As soon as it quit raining I got my service back. Then we had the week long rain storm come and it knocked me off completely. After dealing with the Issue at the ATT office and finally got a Line man to show up He began the investigation. My FEC noise was way out of whack. The House Tech thought it was a bad Gateway Modem. The Line Man checked my House after the NID and it was fine. He ran down to the vRad and that was fine. Puzzled, he was scratching his head. Then all of a sudden he dropped everything and ran out to the Phone Tower across the street. I was right behind him. He took the cover off and said AHA!!!! Problem solved.

Even though I don't need 4 wire for my U-verse. The old NID was 4 wired hooked up. But the unused two wires were not hooked up across the street. They were twisted together and stuck in the ground. WET GROUND. It was the source of the FEC and my outage. 96 plus hours of no service just because someone stuck that pair in the ground.

But here in Jacksonville, Standard U-verse availability is limited and the older neighborhoods didn't have that offer. Until now. I'll explain. My Wife has a lady friend who called me about a month ago asking me about U-verse. I was honest with her and said that if everything is done right, It's great! We did have some issues back last May and it took 96 hours to resolve because of in house mistakes at ATT U-verse upper level. We'll leave that at that. Once that was resolved, They got it fixed here at the house real quick.

Anyway, She ordered the U-verse. They came the day she had to work. So her Mom baby sat the House. (First Mistake) Mom hadn't a clue what was going on. The House Tech came, and got the TV and Internet up and running. The Phone was still working. So he left. Then a line man came AFTERWARDS and worked on the pole outside the house. Then her phone quit working right. She could make outgoing calls, but wasn't getting incoming calls. Her wireless internet was dropping connections. So she called me. Now, you have to understand.... my thinking was she was getting the same thing I had. I told her to call the Customer Service and raise ****. She did and they will be back May 10th and I will be there. They told her that her phone order had gotten dropped for some reason and they will fix that.

Then what I did was went to her house for a pre investigative inspection. What I saw was nothing like my set up. There was a big ole box outside which I found out later was the iNid. There was a small gateway box in her computer room with just a data cable going in, Nothing going out. It was hooked up to a battery back up. Her only phone was hooked up to a modem by itself. The rest of the house phone jacks didn't work. Before all this, she was having issues with her phone and ATT. So, I assume she was getting a DSL phone service?

So I came home and did my online home work. I found Dan's post and it all hit me. Then Dan told me about Mr Palmer's post here. Her house is being set up for 4 wire ? bonding for U-verse. I had heard rumors of the 4 wire set up. I spoke to a House Techie and he said I didn't need it. The reason she is having issues is because the House Techie left (and never came back) before the Line Man could finish his end. And nobody told her they needed to come back.

It will be an interesting day Friday. The lady Friend suggested I bring a book to read. I said nope.... I'm going to have my nose pointed at what they are doing and asking a LOT of questions. If this process works, then ATT will inflict more damage to Comcraps market

I'm happy to report that the U-verse install went well this past Friday. The tech had to kill DSL to switch over to U-verse, however I was able to keep the land line as is without transitioning it to U-verse. It took about 3-4 hours in all to complete the setup.

The U-verse box wasn't within line of sight and the Tech had to drive away. Per his explanation, there is fiber up to the C.O. From the CO it is ethernet up over the existing phone lines to the phone box. The Tech advised running a new Ethernet cable to the 2wire as there were multiple phone line outlets and the wires were old.

This is what took most of the time as he had to find a way to bring in the cable. Once everything was done it was a breeze. The tech looked up the IP addresses on his device. With one device up and running I was able to configure the remaining static addresses and it has been smooth sailing since then. Being prepared and knowing what to expect certainly helped

They can leave your DSL live while they do the circuit for the U-verse but they have to kill the DSL to go live with the U-verse since they like using the same pair over. In some cases you could be down most of the day esp. if the U-verse and DSL are in the same area box.

You'll get connected via the two-wire or Motorola and if everything is good you'll be taken to the AT&T registration server and you'll go through the same old registration they've been using for years.. Once it accepts your new email and password, go a couple added steps and then test the connection, make sure you can surf

The Tech on site will have your static IP addys not to be confused with the IP or subnet the AT&T router is connected to..

Do you know how many feet you are from the C.O and how many feet from the U-verse box? If it's the same or about, then the pair switch over should go fast...

The fastest we ever had it switched over was 45 minutes.. The DSL pair was in the same box as the U-verse and we were less than 400 feet from the box including inside wire/fiber

In one case it took 3 days. (Really bad wire).. If you have an old KEY phone system DO NOT ALLOW them to jump inside of the control box... It caused a nightmare on one site... We had to replace the whole phone system.. AT&T did pay for the system to be replaced...

The plus....They will stay with it till its running... You might want to byte a couple times till its up and running... I have WELT in mine

Hi Mike Welcome to the board.. The Fast and easy answer "Unfortunately No"

Well you got the simple answer and my Babble

Have a Great Happy NEW YEAR

Dan

Thank you for the welcome Dan and response. I look forward to learning quite a bit from the board and I already am.

The AT&T Sales Rep made it seem as though the switch over would be seamless and everything would work as it was before. I'm glad I now know what to expect and may need to push out the transition date to a future one to allow me to prepare (set up a new box with NICs, perform the install, get ready to make DNS changes).

The upgrade is certainly worth it, my current plan has a 3mb down and a 384kbps up, though I'm sure the upload speed is more than what it states on paper. The AT&T rep also noted that the DSL circuit was shared and therefore subject to buffering and slower speeds while U-Verse would be much faster.

I've worked some with Pfsense, limited configuration however but I'm glad to know it is up to the job in getting the static IPs setup going. I don't have a TV subscription at the moment so anything over that would be a plus.

When transitioning from AT&T DSL with a static IP package to U-Verse, is it still possible to retain the same static IP addresses as allocated for the DSL service?

Hi Mike Welcome to the board.. The Fast and easy answer "Unfortunately No"

I had 2 locations with AT&T DSL 10 static IP's. I was miffed at why the same company had to port us to new IP's.. U-verse is a completely different animal. On a different Layer of their network.

Since posting "AT&T Uverse Business STATIC IP Addresses" at this link http://www.dslnuts.com/discussion/index.php/topic,6394.0.html I can honestly say having U-verse with Static IP's I'm extreeeeeeeemly happy I did it. We needed the bandwidth to deal with our servers esp. uploads and the 20plus domains and it's been more reliable over what we had with AT&T DSL... Adding the pfSense was a big change for us as well. I'll probably jinx us But we have had no outages

Our older Grandfathered DSL connection from Cyberonic business is what this board (dslnuts) is running on So I hope you won't hold that against us... broadbandnuts.com, cablenut.com and this site with pictures http://www.mineolamarine.com/photos/ are running on the U-verse connection..

With our old DSL's we averaged 6gig in web pages, now we average twice that and get more work done. Heck one of our sites (without domains) averages 34 gig in just RDP per month. OR We're up to 12 U-verse locations co-located and out of that only one gave problems in the 1st two weeks with bad Motorola routers, the 4th was a charm..

If you ask me how U-verse TV... I can't answer... We have Directv but its never sucked the bandwidth dry